Cryptography serves a number of important roles in the fields of e-communication and e-commerce. For example, a first party sending a message to a second party may wish to ensure that the message remains confidential, and the second party receiving the message may wish to verify the origin authenticity of the message. Accordingly, the first (sending) party may use the principles of cryptography to encrypt the message such that only the second (receiving) party is able to read the message. Additionally, cryptography may be used to prove that the message received by the second party was actually sent by the first party and not by a party impersonating the first party.
Asymmetric encryption is one method of cryptography that is able to satisfy the confidentiality and authentication concerns discussed above. With asymmetric encryption, the sending party and the receiving party each possess a pair of cryptographic keys: a public key and a private key. For example, each key may be a very large prime number or related to a very large prime number. Each public/private key pair is selected such that a message encrypted with one of the keys can only be decrypted with the other key in the key pair. In general, a public key is made public (i.e., generally accessible and available to the public), while a private key is kept private to just the owner of the public/private key pair.
To preserve a message's confidentiality using asymmetric encryption, the sending party retrieves the public key of the receiving party and encrypts, or “signs,” the message to the receiving party using the receiving party's public key. For example, the sending party may input the message (“cleartext”) and the receiving party's public key into an encryption algorithm that outputs an encrypted message (“ciphertext”). The sending party then sends the ciphertext to the receiving party. Once the receiving party receives the ciphertext, the receiving party decrypts the message using the receiving party's private key. For example, the receiving party may input the ciphertext and the receiving party's private key into a decryption algorithm that outputs the cleartext (i.e., the unencrypted message). Because only the receiving party has access to the private key that corresponds to the public key the sending party used to encrypt the message, only the receiving party is able to read the message. An intercepting party would be unable to decrypt the message without access to the receiving party's private key.
Additionally, asymmetric encryption may be used to verify a message's origin authenticity. To do this, the sending party encrypts the message using the sending party's private key. For example, the sending party may input the cleartext and the sending party's private key into an encryption algorithm that outputs ciphertext. Alternatively, the sending party may input the cleartext into a hash algorithm that generates a “hash,” a smaller mathematical representation of the message. The sending party may then input the hash and the sending party's private key into an encryption algorithm that outputs ciphertext. Regardless, the sending party then sends the ciphertext to the receiving party. Once the receiving party receives the ciphertext, the receiving party can verify that the sending party was actually the party that sent the message by retrieving the sending party's public key and using the sending party's public key to decrypt the message. For example, the receiving party may input the ciphertext and the sending party's public key into a decryption algorithm that outputs the cleartext or the hash. Because the sending party's public key should be able to decrypt anything signed with the sending party's private key, if the receiving party is able to decrypt the ciphertext with the sending party's public key, the receiving party can be confident that the message was signed by the sending party and thus came from the sending party. However, if the receiving party is unable to decrypt the ciphertext with the sending party's public key, the receiving party will know that the message did not come from the sending party or that the message has been tampered with in some way. In other words, by encrypting the message with the sending party's private key, the sending party is able to provide a digital signature for the message.
In traditional encryption schemes, encrypting a message with the receiving party's public key and creating a digital signature with the sending party's private key take place using two separate algorithms. For example, the sending party may first encrypt the cleartext using the sending party's private key to create a digital signature and re-encrypt the output using the receiving party's public key. Additionally, in some configurations, the encryption and digital signature steps may each require a separate key pair. With signcryption, however, a party is able to complete the encryption and digital signature steps using one algorithm and one key pair per party. For example, the sending party may input the cleartext, the sending party's private key (and in some configurations, the sending party's public key), and the receiving party's public key into a signcryption algorithm. The signcryption algorithm then outputs ciphertext that includes the sending party's digital signature and can only be decrypted by the receiving party using the receiving party's private key.
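The traditional two-step flow described above (hash the message, sign the hash with the sender's private key, encrypt with the receiver's public key), as an added Python example that is not part of the original text. It assumes unpadded textbook RSA with constructed toy keys, truncates the SHA-256 hash to fit them, and sends the signature alongside the ciphertext instead of re-encrypting it; all function names are illustrative.

```python
import hashlib

E = 65537  # common public exponent

def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

# Constructed toy keys from Mersenne primes: too small and too structured for real use.
SENDER_PUB, SENDER_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**61 - 1, 2**127 - 1)

def digest_int(message):
    """The 'hash': SHA-256 truncated to 128 bits so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")

def sign(message, priv):
    n, d = priv
    return pow(digest_int(message), d, n)

def verify(message, signature, pub):
    n, e = pub
    # The public-key step always yields some number; the comparison proves origin.
    return pow(signature, e, n) == digest_int(message)

def encrypt(message, pub):
    n, e = pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(ciphertext, priv):
    n, d = priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def send(message):
    """Sender: two separate operations with two different keys."""
    return encrypt(message, RECEIVER_PUB), sign(message, SENDER_PRIV)

def receive(ciphertext, signature):
    """Receiver: decrypt with own private key, then check origin with sender's public key."""
    message = decrypt(ciphertext, RECEIVER_PRIV)
    return message, verify(message, signature, SENDER_PUB)
```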